What HIPAA Means for Covered Entities and Business Associates
What is HIPAA? How does HIPAA apply to my business and what must I do to ensure I’m HIPAA compliant? Watch as our HIPAA Expert, Stephanie Rodrigue, walks us through the ins and outs of HIPAA and protecting ePHI for covered entities and business associates.
HIPAA refers to laws that apply to covered entities and business associates regarding the privacy, security, and accessibility of electronic protected health information (ePHI). Covered entities and business associates use this information to provide services to the public such as medical care, and the filing and billing of medical claims. Covered entities include doctor’s offices, hospitals, healthcare providers, health plans, and healthcare clearing houses. Because these entities are collecting health information directly from the patient, it’s probably obvious that they are responsible for protecting ePHI.
But, there are actually many types of companies providing services such as data storage, analytics, marketing, billing, collections, and practice management that are receiving ePHI from a covered entity and are also responsible to protect ePHI under the HIPAA security and privacy rule. The HIPAA/HITECH Act is enforced by the Office for Civil Rights (OCR) through a required notification, audit, and fine program. If a covered entity or business associate does not have proper safeguards in place to protect ePHI, a breach of this information can occur and fines will be assessed and issued by the OCR.
Understanding how to protect ePHI is a critical responsibility of covered entities and business associates because HIPAA laws dictate how this private information is received, transmitted, and stored and how it is made accessible to the patient.
If you clicked on a video entitled, “What is HIPAA?” then you’re probably pretty new to this topic. So I’d like to start by defining some of the terms that you’re going to encounter. First, HIPAA is an act that was passed in 1996 and updated in 2009 with the HITECH act. And these provide the rules for the privacy and security of protected health information. Protected health information is commonly referred to by the acronym, “PHI”, and it’s the information that’s collected about the health care or payment for healthcare that can be directly linked to an individual.
Covered entities commonly collect this information. These are doctors offices, hospitals, other health care providers, health plans, and health care clearing houses.
Another group that comes into contact with PHI are the business associates and these are people or organizations that provide services on behalf of a covered entity.
I hope that this information provides a little bit of help for you. If you have more questions please feel free to contact us.